Introduction to Server Security: Fundamentals of Linux Firewalls

**Summary:** This article introduces Linux firewalls, which act as the "gatekeepers" of servers: they restrict network access and are the first line of defence against attacks on the server. The mainstream tools fall into three categories: ufw (for Ubuntu/Debian, simple and built on iptables), firewalld (for CentOS/RHEL, supporting dynamic rules and zone management), and iptables (low-level, suited to advanced users). In basic operations, ufw uses `enable` to turn the firewall on and `allow` to open ports; for firewalld, `--permanent` must be added so that a rule persists, and `reload` is required to apply the change. A common pitfall for beginners is forgetting `--permanent`, in which case the rule is only temporary and is lost on the next reload or restart. Recommended hardening steps are setting the default inbound policy to "deny" and allowing only specific IPs to reach high-risk ports (e.g., 22).
Conclusion: Firewalls are a security barrier; it is essential to clarify requirements, configure rules, ensure persistence, and conduct regular checks.

Read More
Essential for Beginners: Methods to Open Ports in Linux Firewall

This article introduces the necessity and common methods for opening ports on Linux servers, helping beginners get started quickly. Opening ports is fundamental for services to communicate externally (e.g., Web on port 80, SSH on port 22); otherwise, connection refusals will occur. Common tools are categorized into three types: UFW is suitable for Ubuntu/Debian with minimal operations, following steps: installation, allowing ports (e.g., `allow 22/tcp`), enabling, and verification; firewalld applies to CentOS/RHEL with zone management, steps: checking status, adding port rules (specify a zone like `public`), reloading, and verification; iptables is a universal underlying tool with powerful functions but complex syntax, requiring adding rules, saving (to avoid loss after restart), and verification. Port openness can be verified using telnet, nc (netcat), or curl. Beginners should note: prefer UFW/firewalld, avoid opening high-risk ports, ensure rules take permanent effect, and confirm the service is running.

Read More